Methods and Apparatus for Managing Secured Software for a Wireless Device

1. A method of managing software for a wireless device, where the protected software package includes a software application having a plurality of features, which are separately executable, a validation license, a digital rights management (DRM) license and a feature license, the method comprising: creating the software application; creating the validation license; creating a first combination of the validation license with the software application; protecting the first combination using a DRM scheme; creating the DRM license for the DRM-protected first combination; creating the feature license, which authorizes execution of a predefined subset of the plurality of features; and creating a protected software package of the DRM-protected first combination, the DRM license and the feature license.

2. A method as described in claim 1 , wherein creating the validation license includes verifying the software application for a software bug or a software virus.

3. A method as described in claim 2 , wherein creating the DRM license includes granting a first device a right to access the software application, where the first device is identified by one of a device identification, a certificate and a public key.

4. A method as described in claim 3 , wherein the plurality of features includes at least a first feature and wherein creating the feature license includes granting the first device a right to access a first feature of the software application.

5. A method as described in claim 4 , further comprising: installing the software application on the first device; presenting a list of features from the software application to a user; and executing the first feature on the first device.

6. A method of claim 4 , further comprising: receiving the protected software package on the first device; verifying the DRM license using a DRM verification key; enforcing the DRM license rule for installing the protected software package; unwrapping the DRM license, the feature license and the validation license from the protected software package; storing the DRM license, the feature license, the validation license and the software application on the first device; and verifying the feature license using a feature verification key.

7. A method of claim 6 , further comprising verifying the validation license.

8. A method of claim 6 , further comprising enforcing a DRM license.

9. A method of claim 6 , wherein the DRM license rule is enforced using one of (1) the device identification, (2) a DRM license signature, (3) a set of rules in the DRM license.

10. A method of claim 6 , further including removing the DRM license, the feature license, the validation license and the software application from the first device if the validation license is bad.

11. A method of claim 6 , further including executing the first feature on the first device if the feature license authorizes the first device to execute the first feature.

12. A method of claim 6 , wherein the first device receives the protected software package over a wireless communication medium.

13. A system for managing distribution of a software application having a plurality of features, the system comprising: an application generator adapted to create the software application; a validation server adapted to create a validation license; and a distribution server adapted to (1) create a first combination of the validation license and the software application, (2) protecting the first combination, (3) create a digital rights management (DRM) license for the encrypted first combination, (4) create a feature license, which authorizes execution of a predefined subset of the plurality of features of the software application, and (5) create a protected software package as a combination of the encrypted first combination, the DRM license and the feature license.

14. A system as described in claim 13 , wherein the validation server is further adapted to create the validation license after verifying the software application for a software bug or a software virus.

15. A system as described in claim 14 , wherein the distribution server is further adapted to create the DRM license by granting a first device a right to access the software application, where the first device is identified by one of a device identification, a certificate and a public key.

16. A system as described in claim 15 , wherein the plurality of features includes at least a first feature and wherein the distribution server is further adapted to create the feature license by granting the first device a right to access a first feature of the software application.

17. A system as described in claim 16 , further comprising: an application installer adapted to install the protected software package on the first device; an application manager adapted to present the software application to a user; and an execution unit adapted to execute the first feature of the software application.

18. A system as described in claim 17 , wherein the application installer is further adapted to (1) receive the protected software package on the first device, (2) verify a DRM license using a DRM verification key, (3) enforce a DRM license rule for installing the software package; (4) unwrap the DRM license, the feature license and the validation license from the protected software package, (5) store the DRM license, the feature license, the validation license and the software application, (6) verify integrity and authenticity of the feature license using a feature verification key.

19. A system as described in claim 18 , wherein the application installer is further adapted to verify the validation license using a validation verification key.

20. A system as described in claim 19 , further adapted to remove the DRM license, the feature license, the validation license and the software application from the first device if the validation license is bad.

21. A system as described in claim 18 , wherein the application installer is further adapted to enforce a DRM license rule for executing the software package.

22. A system as described in claim 21 , wherein the execution unit is further adapted to execute the first feature on the first device if the feature license authorizes the first device to execute the first feature.

23. A system as described in claim 18 , further adapted to enforce the DRM license rule using one of (1) the device identification, (2) the DRM license signature, and (3) a set of rules in the DRM license.

24. A system as described in claim 21 , wherein the first device receives the protected software package over a wireless communication medium.

25. A protected software package for use on a first device comprising: a software application to be executed on the first device containing multiple separately accessible sets of features including at least a first set of features; a validation license to verify integrity of the software application; a digital rights management (DRM) license to grant the first device a first set of rights to execute and install the software application; and a feature license granting the first device a second set of rights to execute the first set of features.

26. A protected software package as described in claim 25 , wherein the validation license comprises: an application hash value to verify the integrity and authenticity of the software application; and a combination of a validation key information and a validation signature to verify the validation license.

27. A protected software package as described in claim 25 , wherein the DRM license comprises: a set of DRM rules specifying the first set of rights; a device identification specifying the first device; and a combination of DRM key information and a DRM signature to verify the DRM license.

28. A protected software package as described in claim 25 , wherein the feature license comprises: a list of features which can be executed on the first device; a device identification specifying the first device; and a combination of feature key information and a feature signature to verify the feature license.

29. A user equipment to be used in a first device to receive a protected software package containing a software application having a plurality of features, which are separately executable, a validation license, a digital rights management (DRM) license and a feature license, which authorizes execution of a predefined subset of the plurality of features, the user equipment comprising: an application installer adapted to install the protected software package on the first device; an application manager adapted to present the software application to a user; and an execution unit adapted to execute the features of the software application including a first feature from the predefined subset of the plurality of features, which are authorized for execution.

30. A user equipment as described in claim 29 further comprising: a validation checking module to verify the validation license; a DRM unwrapping module to enforce a first set of rules from the DRM license; a DRM checking module to verify that the first device has a right to execute the software application; and a feature checking module to verify that the first device has a right to execute the first feature of the software application.

31. For use with a first device having a protected software package containing a software application having a plurality of features, which are separately executable, a validation license, a digital rights management (DRM) license and a feature license, which authorizes execution of a predefined subset of the plurality of features, a computer program embodied in at least one computer readable medium comprising: first software for validating the validation license using a validation key information and a validation signature; second software for enforcing a first set of rules from the DRM license using a DRM key information and a DRM signature; third software for verifying that the first device has a right to execute the software application; and fourth software to verify that the first device has a right to execute a first feature of the software application.

32. A computer program as described in claim 31 , further comprising a fifth software to remove the protected software package from a memory of the first device if the first device does not have a right to execute the software application.